
Example 1 with RsaVerifier

Use of org.springframework.security.jwt.crypto.sign.RsaVerifier in project spring-security-oauth by spring-projects.

Class JwtTests, method rsaVerificationIsInverseOfSigning.

@Test
public void rsaVerificationIsInverseOfSigning() {
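    // Sign with exponent E, verify with exponent D: the two exponents are inverses
    // modulo the same N, so verification succeeds; verifySignature throws otherwise.
    Jwt jwt = JwtHelper.encode(JOE_CLAIM_SEGMENT, new RsaSigner(N, E));
    jwt.verifySignature(new RsaVerifier(N, D));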
}
Also used : RsaVerifier(org.springframework.security.jwt.crypto.sign.RsaVerifier) RsaSigner(org.springframework.security.jwt.crypto.sign.RsaSigner) Test(org.junit.Test)

Example 2 with RsaVerifier

Use of org.springframework.security.jwt.crypto.sign.RsaVerifier in project spring-security-oauth by spring-projects.

Class JwkDefinitionSource, method createRsaVerifier.

private static RsaVerifier createRsaVerifier(RsaJwkDefinition rsaDefinition) {
    RsaVerifier result;
    try {
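        // JWK "n" and "e" are base64url-encoded unsigned big-endian integers;
        // signum 1 makes BigInteger treat the decoded bytes as a positive value.
        BigInteger modulus = new BigInteger(1, Codecs.b64UrlDecode(rsaDefinition.getModulus()));
        BigInteger exponent = new BigInteger(1, Codecs.b64UrlDecode(rsaDefinition.getExponent()));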
        RSAPublicKey rsaPublicKey = (RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(modulus, exponent));
        if (rsaDefinition.getAlgorithm() != null) {
            result = new RsaVerifier(rsaPublicKey, rsaDefinition.getAlgorithm().standardName());
        } else {
            result = new RsaVerifier(rsaPublicKey);
        }
    } catch (Exception ex) {
        throw new JwkException("An error occurred while creating a RSA Public Key Verifier for " + rsaDefinition.getKeyId() + " : " + ex.getMessage(), ex);
    }
    return result;
}
Also used : RsaVerifier(org.springframework.security.jwt.crypto.sign.RsaVerifier) RSAPublicKey(java.security.interfaces.RSAPublicKey) BigInteger(java.math.BigInteger) RSAPublicKeySpec(java.security.spec.RSAPublicKeySpec) MalformedURLException(java.net.MalformedURLException) IOException(java.io.IOException)

Example 3 with RsaVerifier

Use of org.springframework.security.jwt.crypto.sign.RsaVerifier in project cloudbreak by hortonworks.

Class CachedRemoteTokenService, method getSSOAuthentication.

private OAuth2Authentication getSSOAuthentication(String accessToken) {
    try {
        // The verifier type is chosen from the configured jwtSignKey, not from the token itself.
        SignatureVerifier verifier = isAssymetricKey(jwtSignKey) ? new RsaVerifier(jwtSignKey) : new MacSigner(jwtSignKey);
        Jwt jwt = JwtHelper.decodeAndVerify(accessToken, verifier);
        Map<String, Object> claims = objectMapper.readValue(jwt.getClaims(), new MapTypeReference());
        Object userClaim = claims.get("user");
        Map<String, Object> tokenMap = new HashMap<>();
        Map<String, Object> userMap = objectMapper.readValue(userClaim.toString(), new MapTypeReference());
        String exp = claims.get("exp").toString();
        tokenMap.put("exp", Long.valueOf(exp));
        Object email = userMap.get("email");
        tokenMap.put("user_id", email);
        tokenMap.put("user_name", email);
        // The scope list is fixed here and is not read from the token's claims.
        tokenMap.put("scope", Arrays.asList("cloudbreak.networks.read", "periscope.cluster", "cloudbreak.usages.user", "cloudbreak.recipes", "openid", "cloudbreak.templates.read", "cloudbreak.usages.account", "cloudbreak.events", "cloudbreak.stacks.read", "cloudbreak.blueprints", "cloudbreak.networks", "cloudbreak.templates", "cloudbreak.credentials.read", "cloudbreak.securitygroups.read", "cloudbreak.securitygroups", "cloudbreak.stacks", "cloudbreak.credentials", "cloudbreak.recipes.read", "cloudbreak.blueprints.read"));
        OAuth2AccessToken oAuth2AccessToken = jwtAccessTokenConverter.extractAccessToken(accessToken, tokenMap);
        if (oAuth2AccessToken.isExpired()) {
            throw new InvalidTokenException("The token has expired");
        }
        OAuth2Authentication oAuth2Authentication = jwtAccessTokenConverter.extractAuthentication(tokenMap);
        if (oAuth2Authentication != null) {
            LOGGER.info("JWT token verified for: {}", oAuth2Authentication.getPrincipal());
        }
        return oAuth2Authentication;
    } catch (IOException e) {
        LOGGER.error("Failed to parse the JWT token", e);
        throw new InvalidTokenException("The specified JWT token is invalid", e);
    }
}
Also used : InvalidTokenException(org.springframework.security.oauth2.common.exceptions.InvalidTokenException) HashMap(java.util.HashMap) Jwt(org.springframework.security.jwt.Jwt) IOException(java.io.IOException) RsaVerifier(org.springframework.security.jwt.crypto.sign.RsaVerifier) MacSigner(org.springframework.security.jwt.crypto.sign.MacSigner) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) SignatureVerifier(org.springframework.security.jwt.crypto.sign.SignatureVerifier)

Example 4 with RsaVerifier

Use of org.springframework.security.jwt.crypto.sign.RsaVerifier in project spring-security-oauth by spring-projects.

Class JwtTests, method rsaSignedTokenParsesAndVerifies.

@Test
public void rsaSignedTokenParsesAndVerifies() {
    // decode() only parses the token; the signature is not checked until verifySignature().
    Jwt jwt = JwtHelper.decode(JOE_RSA_TOKEN);
    jwt.verifySignature(new RsaVerifier(N, E));
    assertEquals(JOE_CLAIM_SEGMENT, jwt.getClaims());
}
Also used : RsaVerifier(org.springframework.security.jwt.crypto.sign.RsaVerifier) Test(org.junit.Test)

Example 5 with RsaVerifier

Use of org.springframework.security.jwt.crypto.sign.RsaVerifier in project spring-security-oauth by spring-projects.

Class JwtAccessTokenConverter, method afterPropertiesSet.

public void afterPropertiesSet() throws Exception {
    if (verifier != null) {
        // Assume signer also set independently if needed
        return;
    }
    SignatureVerifier verifier = new MacSigner(verifierKey);
    try {
        verifier = new RsaVerifier(verifierKey);
    } catch (Exception e) {
        logger.warn("Unable to create an RSA verifier from verifierKey (ignoreable if using MAC)");
    }
    // Check the signing and verification keys match
    if (signer instanceof RsaSigner) {
        byte[] test = "test".getBytes();
        try {
            verifier.verify(test, signer.sign(test));
            logger.info("Signing and verification RSA keys match");
        } catch (InvalidSignatureException e) {
            logger.error("Signing and verification RSA keys do not match");
        }
    } else if (verifier instanceof MacSigner) {
        // Avoid a race condition where setters are called in the wrong order. Use of
        // == is intentional.
        Assert.state(this.signingKey == this.verifierKey, "For MAC signing you do not need to specify the verifier key separately, and if you do it must match the signing key");
    }
    this.verifier = verifier;
}
Also used : RsaVerifier(org.springframework.security.jwt.crypto.sign.RsaVerifier) InvalidSignatureException(org.springframework.security.jwt.crypto.sign.InvalidSignatureException) MacSigner(org.springframework.security.jwt.crypto.sign.MacSigner) RsaSigner(org.springframework.security.jwt.crypto.sign.RsaSigner) SignatureVerifier(org.springframework.security.jwt.crypto.sign.SignatureVerifier) InvalidTokenException(org.springframework.security.oauth2.common.exceptions.InvalidTokenException)

Aggregations

RsaVerifier (org.springframework.security.jwt.crypto.sign.RsaVerifier): 7
Test (org.junit.Test): 3
IOException (java.io.IOException): 2
MacSigner (org.springframework.security.jwt.crypto.sign.MacSigner): 2
RsaSigner (org.springframework.security.jwt.crypto.sign.RsaSigner): 2
SignatureVerifier (org.springframework.security.jwt.crypto.sign.SignatureVerifier): 2
OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken): 2
InvalidTokenException (org.springframework.security.oauth2.common.exceptions.InvalidTokenException): 2
OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication): 2
Jwk (com.auth0.jwk.Jwk): 1
JwkProvider (com.auth0.jwk.JwkProvider): 1
UrlJwkProvider (com.auth0.jwk.UrlJwkProvider): 1
BigInteger (java.math.BigInteger): 1
MalformedURLException (java.net.MalformedURLException): 1
URL (java.net.URL): 1
RSAPublicKey (java.security.interfaces.RSAPublicKey): 1
RSAPublicKeySpec (java.security.spec.RSAPublicKeySpec): 1
HashMap (java.util.HashMap): 1
Jwt (org.springframework.security.jwt.Jwt): 1
InvalidSignatureException (org.springframework.security.jwt.crypto.sign.InvalidSignatureException): 1